IInsurAGI
Comment ça marcheFonctionnalitésTarifsGuide d'assuranceBlogÀ propos
Comment ça marcheFonctionnalitésTarifs

Guides

Guide d'assurance
BlogÀ propos

IInsurAGI

Des conseils en assurance indépendants propulsés par l'IA. Nous vous aidons à optimiser votre protection.

Produit

  • Accueil
  • Comment ça marche
  • Fonctionnalités
  • Tarifs

Ressources

  • À propos
  • Blog
  • Guide d'assurance
  • Questions des utilisateurs
  • Sécurité

Mentions légales

  • Conditions d'utilisation
  • Politique de confidentialité
  • Politique des cookies
  • Utilisation acceptable
  • Sitemap
InsurAGI AB·Org.nr: 559430-3397·Hornsgatan 29 e, 118 49 Stockholm, Sweden

© 2026 InsurAGI. Tous droits réservés.

Sécurisé et chiffré
Privacy

Integrity Policy for Protection of Personal Data

Last updated: June 4, 2026. We respect your privacy and explain here how we process personal data, what we collect, why, with whom we share it, how we protect it and the choices you can make.

We respect your privacy. In this integrity policy for the protection of personal data (the 'Policy'), we describe how we process personal data, which personal data we collect, why we collect it, with whom we share it, how we protect it and which choices you can make with respect to our processing of your personal data.

The Policy applies to all personal data (as defined below) collected, stored or processed by or on behalf of InsurAGI AB, reg. no. 559430-3397 (the 'Company', 'we' or 'us'), which has a connection to a specific individual in their relations with the Company as a customer or consumer or which is available in the public domain. The Company is responsible for the processing of personal data. InsurAGI does not share individual user data with group companies for product development, model improvement, analytics, support or commercial purposes.

The Policy also includes all websites or mobile websites owned by the Company where personal data is processed, such as www.insuragi.com (collectively, the 'Website').

The InsurAGI service is intended for users who are at least 18 years old. We use an age gate. Adults may upload household insurance documents that include information about family members, including children, only where this is necessary for the relevant insurance analysis. You must not upload third-party personal data unless it is necessary for your insurance matter and you have the right to share it with us.

The requirements and guidelines in this Policy supplement applicable laws and regulations on the protection of personal data and do not replace them. In the event of a conflict between applicable data protection law and this Policy, the applicable law shall prevail. The Company can amend this Policy at any time; you should read it from time to time via the Website to stay updated on any amendments.

Definitions

  • Processing: any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • EEA: the European Economic Area (the EU member states, plus Iceland, Liechtenstein and Norway).
  • Personal Data: any information relating to an identified or identifiable living individual — one who can be identified, directly or indirectly, by reference to identifiers such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

Main Principles

  • Lawfulness, fairness and transparency: we process Personal Data only where we have a lawful basis and we aim to explain our processing clearly.
  • Purpose limitation: we collect and use Personal Data only for specified, explicit and legitimate purposes described in this Policy.
  • Data minimisation: we limit the Personal Data we collect and process to what is necessary and relevant for the purposes described in this Policy.
  • Accuracy: we take reasonable steps to keep Personal Data accurate and up to date where necessary.
  • Storage limitation: we do not keep Personal Data for longer than necessary for the relevant purposes, unless a longer retention period is required or permitted by law.
  • Security, integrity and confidentiality: we use appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
  • Third-party access: we only give third parties access to Personal Data where necessary for the purposes described in this Policy and subject to appropriate safeguards.
  • Direct communications and cookies: we send direct communications and use cookies or similar technologies only in accordance with applicable law, this Policy and our Cookie Policy.

Collection of Data

We may collect Personal Data directly from you, automatically when you use the Website, App or service, and from service providers used to operate the service. The categories of Personal Data we may process include:

CategoryExamples of Personal Data
Account and contact dataName, email address, login/account identifiers, age confirmation, settings, subscription status and communications with us.
Insurance documents and contentUploaded insurance policies, IPIDs, insurance letters and other documents you choose to upload, plus information extracted from them, such as insurer, product, cover, exclusions, limits and dates.
Questions, prompts and AI outputFree-text questions, scenario descriptions, prompts, answers, chat history and related metadata needed to operate the service.
Derived service dataDocument matches, policy tags, coverage findings, duplicate-cover findings, summaries, cached context, InsurAGI Score and similar user-visible results.
Technical retrieval dataTechnical indexes or embeddings linked to your documents/account, where needed for retrieval or indexing. We treat these as personal data where they can be linked to you or your documents.
Sensitive data you choose to provideInsurance documents or scenario descriptions may include health, accident, medical, disability or other special-category data. We ask you not to include more sensitive data than necessary.
Children and third-party dataHousehold documents may include data about children or other people, such as family members, witnesses, claim handlers, counterparties or employers.
Usage, device and security dataIP address, device/browser information, timestamps, login and session events, security logs, audit logs, support-access logs and limited technical metadata.
Payment and subscription dataSubscription status and limited payment metadata in our system. Stripe handles card details and most payment/fraud/regulatory processing.
Analytics and cookiesCookie consent state, language preference, landing-page analytics after consent, and cookieless performance telemetry where applicable. See our Cookie Policy.
Support dataSupport requests, messages, troubleshooting information and support-access records.

We do not intentionally collect full payment card details; payments are handled through our payment provider, Stripe. We do not knowingly allow individuals under 18 to create an account or use the service directly. However, adults may upload household insurance documents that include information about children or other family members where necessary for the requested insurance analysis.

Why Does the Company Need Your Personal Data?

The Company processes your Personal Data for the following purposes (the 'Purposes'):

  • Core service: create and manage your account, receive and store uploaded insurance documents, extract relevant information, answer questions, provide document-supported explanations and make user-visible findings available to you.
  • Requests and support: answer your questions, effectuate your requests, provide support, troubleshoot issues and handle justified escalations.
  • Newsletters and direct communications: send communications you have requested or subscribed to. You can unsubscribe at any time.
  • Website analytics: analyse use of public marketing and landing pages where you have consented to analytics cookies. Google Analytics is not used in logged-in service areas, document views or AI chats.
  • Security, fraud prevention and system protection: protect accounts, documents, systems, intellectual property, economic interests and the integrity of users and employees.
  • IT support and development: operate, maintain, secure, debug and develop the service. Product improvement uses synthetic data and anonymised or aggregated information, not raw customer documents, prompts, chat content or individual user data.
  • Compliance with laws: comply with laws and regulations and establish, exercise or defend legal claims.
  • Aggregated statistics: create robustly aggregated or anonymised statistics that do not identify individual users, for example for internal analysis or partner reporting.
  • Payments and subscription administration: manage subscription status, payment flow, billing metadata, accounting and related administration through Stripe and our internal systems.
  • Corporate transactions: prepare and carry out a consolidation, joint venture, acquisition, divestment or transfer of Personal Data, assets or the business, or any other ownership change, reorganization, corporate transaction or financing.
  • Other communicated purposes: any other purpose described and communicated to you before your Personal Data is used for it.

The Company only processes Personal Data to the extent necessary to achieve the relevant Purpose and for other purposes explicitly permitted under applicable data protection law.

The Service, AI Providers, Document Segmentation and No-Training

At launch, the service lets users upload insurance documents and ask questions about existing insurance cover. The AI output provides document-supported explanations, clause references, neutral next steps and general process guidance. It is not intended to provide insurance mediation, personal financial advice, legal advice or claims decisions.

You may ask questions such as whether a situation appears to be covered. The answer should be cautious, conditional and tied to the relevant policy wording. The service does not decide whether you are entitled to compensation, does not affect your price, terms, access to insurance or claims process, and does not send output automatically to insurers, unions, employers or other partners.

Where the service displays an InsurAGI Score or similar findings, the score measures analysis basis and coverage clarity. It is not a score of your personal insuranceworthiness, risk level, health, claims outcome or objective value as a policyholder. User-level scores, coverage gaps, duplicate-cover findings and similar findings are user-visible, minimal, exportable and deletable.

The service uses Microsoft Azure/OpenAI for LLM/API functionality. When technically necessary to answer your question, relevant excerpts or segments from uploaded documents and minimised metadata may be sent to the LLM provider. Full documents are sent only where local extraction or segmentation is insufficient for the requested function.

Customer data is not used by InsurAGI or by the LLM provider for model training or fine-tuning. Product improvement, debugging, evaluation and quality testing are carried out using synthetic data and anonymised or aggregated data, not raw customer documents or chat content. Where technical retrieval or indexing creates embeddings or similar artefacts, they are stored in an EU/EEA-controlled environment, treated as personal data where linkable, and deleted when the source document is deleted.

Special-Category Data, Health Data and Consent

Insurance material may sometimes reveal health, accident, disability, medical or other special-category information. You should only upload or type sensitive information when it is necessary for the insurance analysis you request. We may provide warnings or separate consent steps before such information is processed.

Where we rely on explicit consent under Article 9(2)(a) GDPR for special-category data, you can withdraw that consent. Withdrawal does not affect processing already carried out, but future processing of the relevant sensitive data will stop. Uploaded sensitive documents and derived data will be deleted or restricted unless a concrete legal hold or legal obligation requires limited continued storage.

We do not use health data, children's data, claims history or other sensitive information to train AI models, to build marketing audiences, to score your insuranceworthiness or to share individual results with partners.

Data Controller

The Company is the data controller for all processing of Personal Data that the Company, or any party on behalf of the Company, conducts unless otherwise stated in this Policy. The Company has not appointed a specific Data Protection Officer.

Legal Basis

We use purpose-specific legal bases. We do not rely on a general 'consent by using the service' for all processing.

PurposeLegal basis
Provide the core serviceArticle 6(1)(b) GDPR: necessary to perform the user agreement.
Process special-category data you choose to upload or typeArticle 6(1)(b) and Article 9(2)(a) GDPR: explicit consent for special-category data, which you may withdraw.
SupportArticle 6(1)(b) GDPR for service-related support; Article 6(1)(f) GDPR for limited operational and security measures connected to support.
Security, fraud prevention and system protectionArticle 6(1)(f) GDPR: our and users' legitimate interests in secure operation of the service.
Payments and subscription administrationArticle 6(1)(b) GDPR; for accounting, tax and bookkeeping records, Article 6(1)(c) GDPR.
Accounting and legal complianceArticle 6(1)(c) GDPR where required by law; Article 6(1)(f) GDPR to establish, exercise or defend legal interests.
Analytics on public marketing/landing pagesConsent for non-essential cookies; Article 6(1)(a) GDPR where analytics involves personal data.
Product improvementNo personal-data basis required for truly anonymised data. If personal data were ever proposed for improvement, a separate legal basis and notice would be required.
Direct communications you requestConsent or other applicable lawful basis depending on the communication. You can unsubscribe at any time.

You can withdraw any consent (e.g. to newsletters or non-essential cookies) at any time without affecting processing already done.

Correctness of Personal Data

It is important to us that your Personal Data is up to date and correct. Please inform us of any changes or inaccuracies as soon as possible. We will do our best to ensure that inaccurate or obsolete Personal Data is deleted, destroyed or corrected. If you believe the Personal Data we hold is inaccurate or obsolete, you are entitled to request that our processing is restricted while we verify it.

Data Retention

We store Personal Data only for as long as necessary for the purposes described in this Policy. Different categories of data have different retention periods:

Data typeRetention
Account dataFor as long as the account is active and thereafter 90 days before deletion or restriction, unless a legal obligation or concrete legal hold requires longer limited storage.
Uploaded documentsFor as long as the account is active and thereafter 90 days before deletion or restriction. You can delete individual documents earlier.
Chat historyFor as long as the account is active and thereafter 90 days before deletion or restriction. You can delete chat history earlier.
Prompts and outputsFor as long as the account is active and thereafter 90 days before deletion or restriction.
Embeddings/retrieval indexesSame lifecycle as the source document; deleted when the source document is deleted.
Derived artefactsSame lifecycle as the underlying data unless a specific feature requires retention; deleted with the underlying data.
Support cases12 months after account closure. Sensitive attachments should be avoided and may be deleted sooner unless a dispute, legal hold or security need requires limited storage.
Payment/accounting dataSubscription status is kept as long as needed for the subscription. Accounting records are kept per Swedish bookkeeping rules, normally seven years after the calendar year in which the financial year ended. Stripe determines retention for payment data it controls.
Analytics raw data14 months. Aggregated or anonymised statistics may be kept longer.
Security logsRetained only as long as necessary for security, fraud prevention, accountability, incident investigation, audit and legal purposes — by log type and up to approximately 12 months where necessary. Longer limited retention may apply for a specific incident, suspected misuse, legal request, dispute or concrete legal hold.
BackupsCurrent production database backups are retained through AWS RDS automated backups for 14 days. Other backups follow their documented schedules and normally expire within the applicable rotation period. Deleted data may remain in backups until backup expiry but is not used for ordinary processing.

Where a document is deleted, related extracted text, embeddings and derived artefacts that remain linkable to the document or user will also be deleted or de-linked in accordance with the applicable deletion process, unless continued limited retention is required by law or a concrete legal hold.

Data Security

We take technical and organizational measures to prevent unlawful or disallowed processing of Personal Data and other incorrect usage, destruction, disclosure, acquisition or loss. Personal Data may only be processed by a third-party processor that undertakes to comply with the same technical and organizational security measures. Maintaining data security entails guaranteeing non-disclosure, integrity and access:

  • Non-disclosure: we protect your Personal Data so that it is not unlawfully disclosed to a third party.
  • Integrity: we protect your Personal Data so that it is not unlawfully amended by an unauthorized third party.
  • Access: we ensure that authorized third parties, where necessary and lawful, are given access to your Personal Data.

For the InsurAGI service, access to production data is limited to authorised personnel with a justified need. Support and development access to uploaded documents or full chat history is not routine and is intended to be case-based, just-in-time and logged. We also use measures such as EU/EEA-controlled infrastructure, access controls, audit logging, upload/security checks and incident-handling routines appropriate to the sensitivity of the data. In the unlikely event of a personal data breach, we will notify affected individuals and the Swedish Data Protection Authority (IMY) as required by law.

Sharing Personal Data

We may share Personal Data only where necessary for the purposes described in this Policy and subject to appropriate contractual, technical and organisational safeguards. The relevant categories of recipients are:

Recipient / categoryRole or reason
AWS Ireland (EU/EEA)Hosting, file storage, databases, logs, monitoring/security and EU/EEA infrastructure.
Microsoft Azure/OpenAILLM/API functionality needed to generate document-supported answers. No training on customer data.
Mistral AI SAS (France)File/OCR/parsing functionality in the EU/EEA region.
Stripe Technology Europe Limited (Ireland)Payment and subscription processing. Stripe may act as an independent controller for some payment, fraud-prevention and regulatory processing. InsurAGI does not store card details.
Google Ireland LimitedEmail/CRM and Google Analytics on public landing pages after consent. Google Analytics is not used in logged-in service areas.
Authentication providerAccount login/authentication services.
Pebium / external development partnerDevelopment/production-environment access only where required, subject to role-based controls, just-in-time access and logging.
Support personnelNo routine access to uploaded documents or full chat history. Access is case-based, just-in-time and logged.
Unions / partnersNo individual user data in the standard setup. Robustly aggregated/anonymised statistics may be shared. Partners do not see which members use the service unless a separate scenario and notice says otherwise.
Authorities or legal recipientsOnly where required by law or necessary to protect legal interests.

We do not sell Personal Data. We do not share individual user documents, prompts, chat history, AI outputs, health data, claims information or user-level findings with insurers, unions, employers, group companies or commercial partners for their own marketing, underwriting, pricing, claims-handling, product-development or analytics purposes, unless you specifically instruct us to do so or we are legally required. Some recipients, such as Stripe or Google, may act as independent controllers for specific processing under their own legal obligations or service terms; where that is the case, their own privacy information applies.

Disclosure Outside the EU/EEA

According to the current architecture, primary data, files/documents, databases, logs, backups and embeddings/vector storage are in Ireland within the EU/EEA region. There is no routine access from the United States, UAE, India or other third countries, and no routine third-country support access. If a transfer of personal data outside the EU/EEA becomes necessary, we will use an appropriate transfer mechanism, such as an adequacy decision or the EU Standard Contractual Clauses, together with a transfer impact assessment and supplementary measures where required.

Your Rights

  • Access: you may request information about whether we process Personal Data concerning you and, where applicable, access to it and information about the purposes, categories of data, recipients, retention period and, where the data was not collected from you, its source.
  • Withdraw consent: where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before it.
  • Object: you may object to processing based on our legitimate interests, and you may always object to processing for direct marketing (including related profiling).
  • Data portability: where processing is based on consent or a contract and is carried out by automated means, you may request the Personal Data you provided in a structured, commonly used, machine-readable format and, where technically feasible, its transmission to another controller.
  • Rectification: you may request that we correct or supplement inaccurate or incomplete Personal Data.
  • Erasure and restriction: you may request erasure where the legal conditions are met (excluding information we must retain by law), or restriction of processing in certain cases.
  • Automated decisions: you have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects. The InsurAGI service is not designed to make such decisions.

Requests to exercise your rights should be directed to the Company at info@insuragi.com. Objections to direct marketing may also be made through the unsubscribe or preference settings in the relevant marketing material.

Amendments

The Company is entitled to amend this Policy by posting an updated Policy, including relevant amendments, on the Website. The amendments come into force with immediate effect.

Contacts and Complaints

The Company is the data controller. For any matter involving secrecy, questions or complaints in relation to this Policy or the exercise of your rights, you may contact the Company at info@insuragi.com.

Complaints regarding the Company's processing of Personal Data may also be submitted to the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, the 'IMY') at imy@imy.se or Integritetsskyddsmyndigheten, P.O. Box 8114, 104 20 Stockholm, Sweden. The IMY recommends that a complaint include (i) the subject of the complaint, (ii) what you are dissatisfied with in as much detail as possible, (iii) a description of what happened and when, and (iv) copies, pictures or printouts of what you are complaining about.